ftp doesn't use specific port. It normally establish contact on 21 and then use random port for communication. Why would you want ftp on the first place. I would suggest you rethink that and use SSH instead (sftp or scp)

ftp doesn't use specific port. It normally establish contact on 21 and then use random port for communication. Why would you want ftp on the first place. I would suggest you rethink that and use SSH instead (sftp or scp)

my isp blocks the first 1053 ports so any service i put below that is not accessible by the web. So I wanted to put it on say port 2220. the ftp server accepts sftp commands normally, as well as standard ftp. In a perfect world I would eliminate normal ftp all together and only use sftp on a port +1053. ? Is there someone other way I should go about it?

You can't "move" FTP. It requires ports 20 or 21 for console traffic (depending on active or passive FTP), and random high port numbers for data transfer. Since your ISP blocks the ports, you cannot offer FTP as a service.

Quote:

the ftp server accepts sftp commands normally, as well as standard ftp.

Huh?

If you mean the built-in ftpd(8) server, it does not use the SSH protocol, used by sftp(1) and scp(1).

SFTP was designed to use similar end-user commands, but the underlying communication protocol is very different. And encrypted.

The server is sshd(8), which is typically started via /etc/rc via the sshd_flags variable as set in /etc/rc.conf and overridden in /etc/rc.conf.local. You were asked about it when you installed OpenBSD; if you declined to have sshd run, it will be disabled in /etc/rc.conf.local. Delete the entry to enable it, as it is enabled by default in /etc/rc.conf.

For a complete list of man pages for OpenSSH, please see http://openssh.org/manual.html -- you will want to read at least sftp(1), sshd(8), sshd_config(5), and perhaps the highly useful ssh(1).

Just to point you in the right direction .... by default, sshd will listen on port 22. You will want to change this. You can set the value of sshd_flags in /etc/rc.conf.local if you wish, but best practice would be to edit /etc/ssh/sshd_config and add a custom ListenAddress, along with other customizations you might make (such as disallowing root login, which is enabled at installation time only to make post-install provisioning easier remotely).